Method and apparatus for delegation of secure operating mode access privilege from processor to peripheral

ABSTRACT

In a processing system comprising a processor and a plurality of peripherals coupled to the processor, access privileges of a secure operating mode of the processor are delegated to at least a given one of the peripherals. The given peripheral is configured to store, in a secure portion of that peripheral, state information indicative of the processor being in a secure operating mode. The given peripheral is further configured to utilize the stored state information to allow the given peripheral to access at least one resource that is accessible to the processor in the secure operating mode but is not otherwise accessible to the given peripheral. The processing system may comprise, for example, a system on a chip, wherein the processor and peripherals are combined into a single integrated circuit.

FIELD OF THE INVENTION

The present invention relates generally to processing systems and moreparticularly to techniques for providing security against unauthorizedaccess to peripherals and other resources within such systems.

BACKGROUND OF THE INVENTION

A computer or other processing system generally comprises a processorand a number of peripherals. The processor and its associatedperipherals may be discrete system components, or may be combined into asingle integrated circuit. The latter type of arrangement is alsoreferred to as a system on a chip (SOC). The peripherals may beimplemented, by way of example, as dedicated pieces of hardware that areconfigured to perform specified tasks at the request of the processor.These peripherals are typically controlled by software running on theprocessor. Particular portions of this software, referred to herein assoftware agents, write configuration information to the peripheralsspecifying details of the requested tasks.

Certain processor architectures allow the processor to operate in asecure mode. When operating in the secure mode, the processor isgenerally able to access all peripherals or other system resourceswithout restriction. The secure operating mode is typically reserved foruse by a limited set of high privilege software agents that run on theprocessor and have been previously verified and proven trustworthy andcorrect. Low privilege or unprivileged software agents are alsopermitted to run on the processor, but cannot use the secure operatingmode. These unverified software agents are instead run in a non-securemode. Limiting the use of the secure operating mode to a small subset ofthe software agents reduces the costs associated with software programcode verification, while also ensuring that unverified software agentscannot undermine the security of the overall system.

A problem that arises in conventional processing systems of the typedescribed above is that system elements other than the processor oftenhave access to secure information within the processing system. Forexample, peripherals may obtain access to secure information in thecourse of performing various tasks at the request of the processor, suchas tasks associated with direct memory access (DMA), encryption andinterrupt control. Although the processor that requested performance ofthe tasks may itself be operating in a secure mode, the correspondingperipherals may not have a secure operating mode. As a result, thesecurity of the system may be vulnerable to attack through non-securesoftware agents that have access to the same peripherals that performtasks for secure software agents.

SUMMARY OF THE INVENTION

Illustrative embodiments of the present invention provide enhancedsecurity in a processing system that includes a processor and a numberof associated peripherals, by providing a mechanism for delegation ofaccess privileges of a secure operating mode from the processor to oneor more of the peripherals.

In accordance with one aspect of the invention, at least a given one ofthe peripherals is configured to store, in a secure portion of thatperipheral, state information indicative of the processor being in asecure operating mode. The given peripheral is further configured toutilize the stored state information to allow the given peripheral toaccess at least one resource that is accessible to the processor in thesecure operating mode but is not otherwise accessible to the givenperipheral.

In an illustrative embodiment, the processor conveys the privilege levelof its current operating mode to the peripheral in conjunction with abus transaction carried out between the processor and the peripheral.The peripheral utilizes the conveyed privilege level to access a givenresource in conjunction with a bus transaction carried out between theperipheral and the given resource. The given resource may comprise, forexample, another one of the peripherals of the processing system. Thestored state information indicative of the privilege level of theperipheral as delegated by the processor generally cannot be modified bya software agent running in a non-secure operating mode of theprocessor. However, the stored state information indicative of delegatedprivilege level may be cleared upon completion of a corresponding task,where the task is performed by the peripheral at the request of a securesoftware agent running on the processor in the secure operating mode.

The illustrative embodiments allow the access privileges of secureprocessor operating modes to be delegated to peripherals in a controlledmanner, thereby eliminating additional security risks that couldotherwise arise in the processing system. The delegated accessprivileges are retained by the peripherals in the form of secure stateinformation that cannot be altered by non-secure software agents.Moreover, a given peripheral can utilize the stored state information toaccess other system resources that it would not otherwise be able toaccess absent the delegated access privileges of the processor.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows an illustrative embodiment of a processing system in whichthe present invention is implemented.

FIG. 2 is a flow diagram of a process for delegating access privilegesof a secure operating mode from a processor to a peripheral in the FIG.1 system.

FIG. 3 is a diagram illustrating one possible implementation of the FIG.2 process in the FIG. 1 system.

FIG. 4 is a more detailed view of one possible implementation ofprocessor and peripheral elements of the FIG. 1 system.

DETAILED DESCRIPTION OF THE INVENTION

The invention will be described herein in conjunction with illustrativeembodiments of processing systems and associated access privilegedelegation techniques. It should be understood, however, that theinvention is not limited to use with the particular processing systemsand techniques described, but is instead more generally applicable toany type of processing system application in which it is desirable toprovide enhanced security for peripherals of that system.

FIG. 1 shows an illustrative embodiment of a processing system 100. Thesystem 100 may be representative of, for example, a computer or SOC, andincludes a processor 102 which communicates with peripherals 104-1,104-2, . . . 104-N over a bus 106. The particular number N ofperipherals is arbitrary and will vary from system to system. Theperipherals may be, for example, dedicated pieces of hardware that areconfigured by software agents running on the processor to performparticular requested tasks. In this embodiment, one or more of theperipherals may comprise, for example, an encryption engine, a DMAengine, or an interrupt controller, as will be described in greaterdetail below. It is also possible that one or more of the peripherals104 may each comprise an internal processor, such that the peripheral isalso able to execute software programs comprising one or more softwareagents.

Although only a single separate processor is shown in FIG. 1, otherembodiments may include multiple such processors, each of which iscoupled to the bus 106 and communicates with at least a subset of theperipherals 104.

The processing system 100 may further include other elements notexplicitly shown in the figure, but commonly included in conventionalimplementations of computers, SOCs or other processing systems. Suchconventional elements, being well understood by those skilled in theart, will not be described in detail herein.

At least one of the peripherals 104 of the system 100 is configured toreceive a delegated access privilege from the processor 102. Thisperipheral generally comprises secure memory for storing stateinformation indicative of the processor being in a secure operatingmode, and processing circuitry that utilizes the stored stateinformation to allow the peripheral to access at least one resource thatis accessible to the processor in the secure operating mode but is nototherwise accessible to the peripheral. The resource that is accessedusing the delegated access privilege may comprise, for example, anotherone of the peripherals 104, or more generally any otheraccess-controlled resource of the system 100.

FIG. 2 shows one embodiment of a process for delegating accessprivileges of a secure operating mode from processor 102 to a givenperipheral 104-i, i=1, 2, . . . N, in the FIG. 1 system. The process inthis embodiment includes steps 200 through 208.

In step 200, the processor 200 conveys the privilege level of itscurrent operating mode to the peripheral 104-i. The processor may conveythe privilege level of its current operating mode to the peripheral inconjunction with an otherwise conventional bus transaction carried outover bus 106 between the processor and the peripheral. A given such bustransaction can be modified in a straightforward manner to allowinformation indicative of the current operating mode of the processor tobe conveyed to the peripheral. This information need not take anyparticular format, but instead need only be capable of reliably andsecurely indicating the processor operating mode.

By way of example, single-bit or multi-bit indicators may be used. Inthe present embodiment, the information is indicative of which of anumber of possible operating modes the processor is currently in. Forexample, the processor may operate in two different modes, a secure modeand a non-secure mode. Thus, certain of the bus transactions are carriedout in one mode and other bus transactions in the other mode. However,the invention is not limited to any particular number or type ofoperating modes.

In step 202, the peripheral 104-i determines if the conveyed privilegelevel is indicative of the secure operating mode of the processor 102.This determination in the present embodiment is based on interpretationof the information conveyed by the processor that indicates theprivilege level of its current operating mode. Thus, the determinationcould involve determining which of two or more operating modes theprocessor is currently in, based on the conveyed privilege level, with afirst possible privilege level being indicative of the secure operatingmode and a second possible privilege level being indicative of thenon-secure operating mode. There may be multiple privilege levelsassociated with each of a number of different operating modes. Forexample, a given secure operating mode may have two or more differentprivilege levels associated therewith.

If the peripheral 104-i determines in step 202 that the processor iscurrently in the secure operating mode, the process moves to step 204.Otherwise, the process moves to step 208, bypassing steps 204 and 206.The determination in step 202 may be based on predetermined knowledge ofparticular privilege levels associated with various operating modes ofthe processor 102, or alternatively may be based on interpretation of anoperating mode identifier or other information conveyed by theprocessor. Any such conveyed information from which the presence orabsence of a secure operating mode may be determined is considered to bewithin the broad scope of the term “privilege level” as used herein.Thus, the conveyed privilege level may comprise, for example, anindicator of one of a number of privilege levels known to be associatedwith a secure operating mode of the processor, or an explicit identifierof a secure operating mode of the processor.

In step 204, the peripheral 104-i securely stores state informationspecifying the privilege level of the secure operating mode of theprocessor 102. The stored state information is generally indicative ofthe processor being in its secure operating mode. This secure storage ofstate information generally involves storing such information in asecure portion of the peripheral. For example, the peripheral may bepartitioned into secure and non-secure portions, also referred to hereinas private and public portions, respectively, with the state informationbeing stored in the secure or private portion of the peripheral. Suchsecure or private portions may comprise, for example, encrypted orotherwise access-controlled portions of a memory or other component ofthe peripheral.

In step 206, the peripheral 104-i utilizes the stored state informationto access at least one resource that is accessible to the processor 102in the secure operating mode but is not otherwise accessible to theperipheral. The resource may be, for example, another one of theperipherals 104 of the system 100, or any other access-controlledresource of the system. The peripheral 104-i is thus permitted to accessany peripherals or other resources that are accessible to the processor102 in its secure operating mode. The peripheral may access a givenresource by supplying the stored state information or a portion thereofto the given resource in order to obtain access to that resource. As onealternative, the peripheral may process the stored state information inorder to derive other information that is supplied to the given resourcein order to obtain access thereto. In an embodiment in which theaccessed resource comprises another one of the peripherals 104 of thesystem 100, the peripheral 104-i may utilize the stored stateinformation to access the other peripheral in conjunction with a bustransaction carried out between the two peripherals.

In step 208, the peripheral 104-i does not have enhanced access toresources. Thus, for example, the peripheral is only able to accessthose peripherals or other resources that it would normally be able toaccess in the absence of any delegation of access privileges from theprocessor 102. Accordingly, step 208 may involve one or more otherperipherals or resources denying access attempts by the peripheral 104-ior the peripheral 104-i refraining from making such access attemptsknowing that it has insufficient access privilege.

The process after completion of step 206 or step 208 for one or moreresource accesses returns to step 200 in order to allow the processor102 to convey any changes in its current operating mode. Such changes inoperating mode may arise, for example, as different software agentsrunning on the processor request the performance of tasks by theperipheral 104-i. As indicated previously herein, certain softwareagents running on a processor may be secure agents that execute in thesecure operating mode of the processor, while others are non-securesoftware agents that execute in a non-secure operating mode of theprocessor. Thus, the operating mode of the processor will typicallychange depending upon which type of software agents are currentlyexecuting, and may change, for example, from bus transaction to bustransaction. The process steps 200 through 206 or 200, 202 and 208 maythus be repeated for different bus transactions, depending on theoperating mode of the processor when conducting such transactions.

The process as illustrated in FIG. 2 for a particular peripheral 104-ican be repeated for other peripherals 104 of the system 100. Forexample, the processor 102 can delegate secure operating mode accessprivileges to two or more of the peripherals, such that multipleperipherals simultaneously have the delegated access privileges.

It is to be appreciated that the particular process steps shown in FIG.2 are not requirements of the invention, and alternative embodiments mayutilize other operations for delegating access privileges of a processorsecure operating mode to a peripheral.

FIG. 3 shows one possible implementation of the FIG. 2 process in thesystem 100 of FIG. 1. In this embodiment, processor 102 againcommunicates with a particular one of the peripherals 104 over the bus106. As previously, the particular peripheral is denoted 104-i, and mayrepresent any one of the N peripherals of the system 100.

The processor 102 in this embodiment stores state information 300indicative of its current operating mode. It will be assumed for thisembodiment that the processor is currently operating in its secureoperating mode, and thus the state information 300 is indicative of thesecure operating mode. The peripheral 104-i is partitioned into publicand private portions denoted 302 and 304, respectively, with the privateor secure portion storing state information 306 indicative of thecurrent operating mode of the processor 102. The storage of the stateinformation 306 in peripheral 104-i is performed in conjunction with abus transaction 310 carried out between the processor 102 and theperipheral 104-i. As described in conjunction with FIG. 2, the processorconveys the privilege level of its current operating mode to theperipheral 104-i, and the peripheral 104-i determines if that privilegelevel corresponds to a secure operating mode. If the peripheral 104-idetermines that the conveyed privilege level indicates that theprocessor is currently operating in its secure operating mode,corresponding state information 306 is stored in the private or secureportion of the peripheral 104-i. Otherwise, such state information neednot be stored.

The stored state information 306 is an example of a delegated accessprivilege that the peripheral 104-i receives from the processor 102.This delegated access privilege allows the peripheral 104-i to accessresources that it would not otherwise be able to access. The peripheral104-i is thus able to share, for a limited time and under otherconditions controlled by the processor, the access privileges of thesecure operating mode of the processor.

The peripheral 104-i utilizes the stored state information 306 to accessone or more other resources 312 in conjunction with one or more otherbus transactions 314. As mentioned above, these other resources 312 maycomprise one or more of the other peripherals 104 of the system 100.

FIG. 4 shows additional details associated with one possibleimplementation of processor 102 and a given peripheral 104-i. In thisexample, the processor 102 is shown as comprising a plurality ofsoftware agents 400, including a high privilege software agent 400H anda low privilege software agent 400L. The software agents 400H and 400Lmay be viewed as examples of what are more generally referred to hereinas secure and non-secure software agents, respectively. There may bemultiple other levels of privilege supported within a given processor,and the present invention is not restricted in this regard. Theprocessor 102 is coupled via bus 106 to interface circuitry 402 of theperipheral 104-i. This interface circuitry is coupled to functionalcircuitry 404, which is conventional circuitry configured to performwhatever functions are associated with the peripheral in question. Forexample, if the peripheral is an encryption engine, functional circuitry404 may comprise a cryptographic processor for encrypting data.Similarly, if the peripheral is a DMA engine, the functional circuitry404 may comprise conventional DMA circuitry.

It should be noted that the functional circuitry 404 may itself includea processor. Thus, the peripheral 104-i could be an intelligentperipheral that includes software execution functionality via its owninternal processor.

Also included in the peripheral 104-i is control logic 406 and securestate storage 408 within a memory 410. The control logic 406 isconfigured to process privilege level information received fromprocessor 102 via the interface circuitry 402. This processing includesdetermining if the privilege level is indicative of a secure operatingmode, and controlling secure storage of corresponding state informationin element 408 of memory 410. The control logic 406 may also beconfigured to perform processing operations associated with allowing theperipheral 104-i to access other resources based on the stored stateinformation.

The particular circuitry arrangement of peripheral 104-i as shown inFIG. 4 should be viewed as just one illustrative example of such aperipheral. It is to be understood that the invention can be implementedusing other types and configurations of peripherals, using a widevariety of different hardware, software and firmware components. Forexample, it was noted above that the functional circuitry 404 of theperipheral 104-i may comprise an internal processor, and the storedstate information could be stored in a secure portion of a memory withinthis internal processor, instead of in a separate memory as in theillustrative arrangement shown in FIG. 4.

A number of examples will now be described to illustrate the manner inwhich access privilege of a secure operating mode can be delegated fromprocessor 102 to a particular peripheral 104-i in the system 100 ofFIG. 1. The three examples to be described relate to three differenttypes of peripherals 104, namely, an encryption engine, a DMA engine,and an interrupt controller. It is to be appreciated, however, that thedisclosed techniques are applicable to a wide variety of otherperipherals.

In the first example, the peripheral 104-i comprises an encryptionengine. Such a peripheral may be used by the system 100 to encryptinformation that it wants to keep private from non-secure softwareagents. The encryption engine may be made secure in the presentembodiment by providing it with a capability to receive delegated accessprivileges from the processor 102. Thus, when the processor 102 isoperating in a secure mode, the corresponding state information issecurely stored in the encryption engine as previously described. Theencryption engine may utilize this securely stored state information toprevent any non-secure software agents from configuring the encryptionengine or accessing sensitive information such as encryption keys. Oncethe encryption engine has completed a task requested by a securesoftware agent, the previously-stored state information may be cleared,such that the encryption engine can then be accessed by secure ornon-secure software agents. Generally, the encryption engine storesstate information indicative of the processor being in its secureoperating mode, and for the duration of the corresponding requested taskthe encryption engine cannot be accessed by non-secure software agents.

In the second example, the peripheral 104-i comprises a DMA engine. Suchan engine is designed to move data to and from memory. A software agentrunning on the processor configures the source and destination memoryaddresses and then allows the DMA engine to transfer the data withoutfurther processor intervention. Such DMA transfers may be from onememory to another memory, or between one memory and other peripherals.Using the techniques disclosed herein, the DMA engine may be configuredto securely store state information indicative of the privilege level ofthe software agent configuring the DMA operation. This allows DMAtransfers to access protected memory resources only when the DMA enginewas configured by a secure software agent. It also prevents non-securesoftware agents from determining the source and destination addressesused by the DMA engine once it has been configured in the secure state.Otherwise, non-secure agents could learn the memory addresses wheresecure data is stored.

Finally, in the third example the peripheral 104-i comprises aninterrupt controller that utilizes the stored state information toconfigure interrupts as either secure or non-secure. Once an interruptis configured as secure, it cannot be modified by software agentsrunning at less than a secure privilege level. Also, only secureinterrupts are able to vector the processor into secure modes ofoperation. This ensures that a non-secure agent will not be able toconfigure the interrupt controller to generate an interrupt that willvector the processor from a non-secure operating mode to a secureoperating mode.

The illustrative embodiments described above allow a peripheral to storestate information that is indicative of the privilege level of theprocessor software agent that configured that peripheral. This stateinformation is stored in a secure manner and thus cannot be altered bynon-secure software agents. Moreover, the peripheral can utilize thestored state information to access other system resources that it wouldnot otherwise be able to access absent the delegated access privilegesof the processor.

These illustrative arrangements considerably improve the security ofprocessing systems that include multiple peripherals and one or moreprocessors that execute software agents in both secure and non-securemodes of operation. The access privileges of the secure processoroperating modes are delegated to the peripherals in a controlled manner,thereby eliminating additional security risks that could otherwise arisewithin such systems.

It should again be emphasized that the above-described embodiments areintended to be illustrative only. For example, the processing systemconfiguration and access privilege delegation process can be altered inother embodiments. As another example, the particular number and type ofprivilege levels may be varied to accommodate the needs of a givenapplication. Also, the particular manner in which the peripheraldetermines if the processor is in a secure operating mode, storescorresponding state information, and utilizes that stored stateinformation to allow the peripheral to access protected resources, canbe varied in alternative embodiments. These and numerous otheralternative embodiments within the scope of the following claims will bereadily apparent to those skilled in the art.

1. A method of delegating an access privilege from a processor to aperipheral in a processing system, the method comprising the steps of:storing in a secure portion of the peripheral state informationindicative of the processor being in a secure operating mode; utilizingthe stored state information to allow the peripheral to access at leastone resource that is accessible to the processor in the secure operatingmode but is not otherwise accessible to the peripheral; and clearing thestored state information upon completion of a corresponding task whereinthe task is performed by the peripheral at the request of a securesoftware agent running on the processor in the secure operating mode;wherein the stored state information comprises the access privilegedelegated from the processor to the peripheral and allows the peripheralto access said at least one resource that it would not otherwise be ableto access absent the delegated access privilege, thereby permitting theperipheral to share, under conditions controlled by the processor, theaccess privilege of the processor.
 2. The method of claim 1 wherein theprocessor conveys the privilege level of its current operating mode tothe peripheral.
 3. The method of claim 2 wherein the peripheraldetermines if the privilege level is indicative of the secure operatingmode and if so executes the storing step.
 4. The method of claim 1wherein the utilizing step further comprises the peripheral supplyingthe stored state information to a given resource in order to obtainaccess to that resource.
 5. The method of claim 4 wherein the givenresource comprises another peripheral of the processing system.
 6. Themethod of claim 2 wherein the processor conveys the privilege level ofits current operating mode to the peripheral in conjunction with a bustransaction carried out between the processor and the peripheral.
 7. Themethod of claim 6 wherein the peripheral utilizes the stored stateinformation to access a given resource in conjunction with a bustransaction carried out between the peripheral and the given resource.8. The method of claim 1 wherein the stored state information cannot bemodified by a software agent running in a non-secure operating mode ofthe processor.
 9. The method of claim 1 wherein the task comprises atleast one of an encryption operation, a direct memory access transferoperation and an interrupt generation operation.
 10. The method of claim1 wherein after the stored state information is cleared the peripheralis able to perform a task at the request of a non-secure software agentrunning on the processor in a non-secure operating mode.
 11. Amachine-readable non-transitory storage medium having encoded thereinmachine-executable instructions that when executed implement the stepsof the method of claim
 1. 12. An apparatus comprising: a peripheralconfigured to receive a delegated access privilege from a processor, theperipheral comprising: secure memory for storing state informationindicative of the processor being in a secure operating mode; andprocessing circuitry coupled to the secure memory and adapted to utilizethe stored state information to allow the peripheral to access at leastone resource that is accessible to the processor in the secure operatingmode but is not otherwise accessible to the peripheral and furtheradapted to clear the stored state information upon completion of acorresponding task wherein the task is performed by the peripheral atthe request of a secure software agent running on the processor in thesecure operating mode; wherein the stored state information comprisesthe access privilege delegated from the processor to the peripheral andallows the peripheral to access said at least one resource that it wouldnot otherwise be able to access absent the delegated access privilege,thereby permitting the peripheral to share, under conditions controlledby the processor, the access privilege of the processor.
 13. Theapparatus of claim 12 wherein the peripheral comprises an encryptionengine.
 14. The apparatus of claim 12 wherein the peripheral comprises adirect memory access engine.
 15. The apparatus of claim 12 wherein theperipheral comprises an interrupt controller.
 16. The apparatus of claim12 wherein the peripheral is integrated with the processor into a singleintegrated circuit.
 17. A processing system comprising: a processor; anda plurality of peripherals coupled to the processor; wherein at least agiven one of the peripherals is configured to store in a secure portionof that peripheral state information indicative of the processor beingin a secure operating mode, to utilize the stored state information toallow the given peripheral to access at least one resource that isaccessible to the processor in the secure operating mode but is nototherwise accessible to the given peripheral, and to clear the storedstate information upon completion of a corresponding task wherein thetask is performed by the given peripheral at the request of a securesoftware agent running on the processor in the secure operating mode;and wherein the stored state information comprises an access privilegedelegated from the processor to the peripheral that allows theperipheral to access said at least one resource that it would nototherwise be able to access absent the delegated access privilege,thereby permitting the peripheral to share, under conditions controlledby the processor, the access privilege of the processor.
 18. The systemof claim 17 wherein the processing system comprises a system on a chipin which the processor and one or more of the peripherals are combinedinto a single integrated circuit.
 19. The system of claim 17 wherein thegiven peripheral utilizes the stored state information to access anotherone of the peripherals in conjunction with a bus transaction carried outbetween the given peripheral and the other peripheral.